Memory Management Vulnerability in Linux Kernel Affects Security of Crypto Data
CVE-2025-38575

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 18 April 2025

Summary

A vulnerability has been identified in the Linux kernel's ksmbd service, in how it frees memory used for cryptographic operations. The affected code released this memory with kfree(), which does not clear the contents, so sensitive cryptographic data could remain in memory after the free. aead_request_free() should be used in place of kfree() so that the sensitive information is zeroed out before the memory is freed. This prevents potential information leakage by ensuring that sensitive cryptographic material is wiped from memory.
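The difference between the two free paths can be shown in user space. The following is an added example, not kernel or ksmbd code: the one-slot pool, the function names and the 0xA5 "secret" pattern are constructed for illustration, with pool_free() standing in for kfree() and pool_free_sensitive() for the zeroing free that aead_request_free() performs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed one-slot pool standing in for a slab cache (freed bytes are reused as-is). */
#define SLOT_SIZE 64
static uint8_t slot[SLOT_SIZE];
static int slot_in_use;

static void *pool_alloc(void)   /* like kmalloc(): no zeroing on allocation */
{
    if (slot_in_use) return NULL;
    slot_in_use = 1;
    return slot;
}

/* Analogue of kfree(): release the slot, leave the bytes as they were. */
static void pool_free(void *p)
{
    if (p == slot)
        slot_in_use = 0;
}

/* Analogue of kfree_sensitive(): wipe, then release. */
static void pool_free_sensitive(void *p)
{
    volatile uint8_t *v = p;
    for (size_t i = 0; p == slot && i < SLOT_SIZE; i++)
        v[i] = 0;   /* volatile store so the wipe is not optimised away */
    pool_free(p);
}

/* Count secret bytes (constructed 0xA5 pattern) the next allocation can read. */
static size_t residual_after(void (*release)(void *))
{
    uint8_t *req = pool_alloc();        /* hypothetical request buffer */
    memset(req, 0xA5, 32);              /* per-request secret state */
    release(req);
    uint8_t *next = pool_alloc();       /* unrelated allocation reuses the slot */
    size_t n = 0;
    for (size_t i = 0; i < 32; i++)
        n += (next[i] == 0xA5);
    pool_free_sensitive(next);          /* leave the pool clean for the next run */
    return n;
}

int main(void)
{
    printf("plain free: %zu residual bytes, zeroing free: %zu\n",
           residual_after(pool_free), residual_after(pool_free_sensitive));
}
```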

Affected Version(s)

Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 571b342d4688801fc1f6a1934389dac09425dc93

Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9

Linux e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 < 1de7fec4d3012672e31eeb6679ea60f7ca010ef9

Timeline

  • Vulnerability published

  • Vulnerability Reserved
